Answered: [Security threat] tags are not sanitized in extra question field

Post date: 2020-07-01 00:44:51
Views: 227

Hey q2apro, I think you are testing the default q_view_extra($q_view) function.

The default function is still safe. But if you pull the content from the database, it's not safe.

First, look! The script is stored in the database.

[screenshot: database]

Second, if you create a function to pull that content from the database:

public function q_item_extra($q_item)
{
    // Post id of the question being listed
    $postidz = $q_item['raw']['postid'];

    // Read the stored "extra" value straight from the database (raw, unescaped)
    $extra = qa_db_read_one_value(qa_db_query_sub(
        'SELECT content FROM ^postmetas WHERE title="qa_q_extra" AND postid=#',
        $postidz
    ), true);

    //$extra = $q_item['extra']['content'];

    // Output without escaping, so any markup stored in the field is rendered as-is
    $this->output('My info:' . $extra);
}

Here's the result:

[screenshot: test]

I hope you'll get my point.
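As an added example (not the poster's code), the following standalone script shows why the answer's q_item_extra() is unsafe and what the fix looks like: the stored value is echoed raw in one path and escaped on output in the other. The sample stored value is constructed; htmlspecialchars() stands in for Q2A's qa_html() helper so the script runs without Q2A loaded.

```php
<?php
// Added example, not part of the original post. Run with: php example.php

// Constructed sample of what ends up in ^postmetas.content for qa_q_extra.
// Q2A stores the field verbatim; escaping is the responsibility of the output code.
$storedExtra = '<script>alert("xss")</script>Conference 2020';

// Unsafe: the stored markup reaches the page unchanged. This mirrors
// $this->output('My info:'.$extra) in the poster's q_item_extra().
function render_extra_unsafe($extra)
{
    return 'My info:' . $extra;
}

// Safe: escape on output, which is what the default q_view_extra() does.
// In a Q2A theme you would call qa_html($extra); it wraps htmlspecialchars().
// ENT_QUOTES also escapes single quotes, so the value is safe inside attributes.
function render_extra_safe($extra)
{
    return 'My info:' . htmlspecialchars($extra, ENT_QUOTES, 'UTF-8');
}

// The first line contains a live <script> element; the second contains only text.
echo render_extra_unsafe($storedExtra), PHP_EOL;
echo render_extra_safe($storedExtra), PHP_EOL;
```

In the theme itself the fix is the single change `$this->output('My info:' . qa_html($extra));`, since the database read is fine as long as the value is escaped before it is output.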
